0

I do have a RADIUS server which called a custom script for authentication in the past. In the /etc/freeradius/sites-enabled/default, I modified the following lines to archieve this:

authorize{
    update control{
        Auth-Type := `/usr/bin/php5 -f /usr/api/apilogin.php %{User-Name} %{User-Password}`
    }
}

This worked fine when I used PHP and echoed "Accept" or "Reject" in the file. Now I have the problem that I have to use a Python Script. I created an apilogin.py file which prints "Accept" or "Reject" and called it with:

authorize{
    update control{
        Auth-Type := `/usr/bin/python /usr/api/apilogin.py %{User-Name} %{User-Password}`
    }
}

Unfortunately, the RADIUS always replies with an Access-Reject package. The apilogin.py file normally appends a textlogfile with "Successful/Failed login for ...". But when I want to test the login with radtest, the textlogfile does not become appended. So I think the script is not called at all.

When calling the script via "/usr/bin/python /usr/api/apilogin.py testuser testpwd", the script prints Accept, appends the log and exits as intended.

I do not understand, why this works with PHP but not with Python. Is echo in PHP a more special command since there is a difference between "echo" and "print"?

I appreciate any hints!

Drudge
  • 135
  • 1
  • 2
  • 12
  • I suppose radius runs scripts as radius user not as root, in which case many things can go wrong, from the log file being writable only by root, to the script not working as non-root – Dan May 20 '15 at 17:27
  • I tried it with "sudo -su freerad" and executed the python script. There were some errors with the permissions of the log file which I fixed now. Unfortunately it does still not work. Wenn I call a PHP-script and execute the python script by using PHP's passthru-command, it works fine. But python on its own does not work. – Drudge May 21 '15 at 10:14

0 Answers0